npm - @private.me/xbind - Versions diffs - 3.0.0 → 3.0.2 - Mend

@private.me/xbind 3.0.0 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (217) hide show

package/README.md +55 -7
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1920 -1
package/dist-standalone/_deps/shared/cjs/errors.js +729 -1
package/dist-standalone/_deps/shared/cjs/index.js +463 -1
package/dist-standalone/_deps/shared/cjs/types.js +315 -1
package/dist-standalone/_deps/shared/errors.js +244 -1
package/dist-standalone/_deps/shared/index.js +72 -1
package/dist-standalone/_deps/shared/types.js +86 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.js +659 -1
package/dist-standalone/agent-sdk.js +328 -1
package/dist-standalone/agent.js +1800 -1
package/dist-standalone/approval.js +193 -1
package/dist-standalone/async-iterators.js +382 -1
package/dist-standalone/auth.js +219 -1
package/dist-standalone/auto-accept.js +229 -1
package/dist-standalone/backup-config.js +201 -1
package/dist-standalone/backup.js +326 -1
package/dist-standalone/batch-operations.js +388 -1
package/dist-standalone/cancellation.js +477 -1
package/dist-standalone/checkpoint.js +186 -1
package/dist-standalone/circuit-breaker.js +468 -1
package/dist-standalone/cjs/agent-call.js +701 -1
package/dist-standalone/cjs/agent-sdk.js +332 -1
package/dist-standalone/cjs/agent.js +1837 -1
package/dist-standalone/cjs/approval.js +199 -1
package/dist-standalone/cjs/async-iterators.js +392 -1
package/dist-standalone/cjs/auth.js +225 -1
package/dist-standalone/cjs/auto-accept.js +233 -1
package/dist-standalone/cjs/backup-config.js +207 -1
package/dist-standalone/cjs/backup.js +330 -1
package/dist-standalone/cjs/batch-operations.js +397 -1
package/dist-standalone/cjs/cancellation.js +490 -1
package/dist-standalone/cjs/checkpoint.js +193 -1
package/dist-standalone/cjs/circuit-breaker.js +476 -1
package/dist-standalone/cjs/cli/init.js +492 -1
package/dist-standalone/cjs/config-validation.js +522 -1
package/dist-standalone/cjs/connect.js +312 -1
package/dist-standalone/cjs/connection-pool.js +506 -1
package/dist-standalone/cjs/correlation-id.js +339 -1
package/dist-standalone/cjs/crypto-utils.js +176 -1
package/dist-standalone/cjs/debug-mode.js +534 -1
package/dist-standalone/cjs/did-document.js +101 -1
package/dist-standalone/cjs/did-privateme.js +130 -1
package/dist-standalone/cjs/did-web.js +201 -1
package/dist-standalone/cjs/discovery.js +462 -1
package/dist-standalone/cjs/dual-mode.js +251 -1
package/dist-standalone/cjs/email-templates.js +313 -1
package/dist-standalone/cjs/email-transport.js +239 -1
package/dist-standalone/cjs/envelope.js +538 -1
package/dist-standalone/cjs/errors.js +913 -1
package/dist-standalone/cjs/event-emitter.js +461 -1
package/dist-standalone/cjs/gateway-state.js +55 -1
package/dist-standalone/cjs/gateway-transport.js +120 -1
package/dist-standalone/cjs/graceful-degradation.js +403 -1
package/dist-standalone/cjs/guardrails.js +223 -1
package/dist-standalone/cjs/health-check.js +336 -1
package/dist-standalone/cjs/http-compat.js +272 -1
package/dist-standalone/cjs/http-status-map.js +571 -1
package/dist-standalone/cjs/identity.js +645 -1
package/dist-standalone/cjs/index.js +406 -1
package/dist-standalone/cjs/invitation.js +421 -1
package/dist-standalone/cjs/invite.js +328 -1
package/dist-standalone/cjs/key-agreement.js +335 -1
package/dist-standalone/cjs/lazy-init.js +300 -1
package/dist-standalone/cjs/logger.js +291 -1
package/dist-standalone/cjs/mdns-discovery.js +202 -1
package/dist-standalone/cjs/nonce-store.js +80 -1
package/dist-standalone/cjs/pairing-manager.js +223 -1
package/dist-standalone/cjs/plugin-system.js +264 -1
package/dist-standalone/cjs/plugins/logging.js +168 -1
package/dist-standalone/cjs/plugins/metrics.js +181 -1
package/dist-standalone/cjs/plugins/validation.js +302 -1
package/dist-standalone/cjs/policy.js +320 -1
package/dist-standalone/cjs/progress-callbacks.js +583 -1
package/dist-standalone/cjs/redis-nonce-store.js +76 -1
package/dist-standalone/cjs/registry-middleware.js +50 -1
package/dist-standalone/cjs/retry-strategies.js +544 -1
package/dist-standalone/cjs/retry-transport.js +102 -1
package/dist-standalone/cjs/runtime/browser.js +533 -1
package/dist-standalone/cjs/runtime/edge.js +526 -1
package/dist-standalone/cjs/runtime/react-native.js +394 -1
package/dist-standalone/cjs/security-policy.js +245 -1
package/dist-standalone/cjs/serialization.js +1040 -1
package/dist-standalone/cjs/split-channel.js +225 -1
package/dist-standalone/cjs/subscription-proof.js +230 -1
package/dist-standalone/cjs/succession.js +148 -1
package/dist-standalone/cjs/timeouts.js +412 -1
package/dist-standalone/cjs/trace-context.js +424 -1
package/dist-standalone/cjs/trace-spans.js +495 -1
package/dist-standalone/cjs/transport.js +63 -1
package/dist-standalone/cjs/trust-registry.js +991 -1
package/dist-standalone/cjs/types/error-response.js +56 -1
package/dist-standalone/cjs/vault-auth.js +178 -1
package/dist-standalone/cjs/vault-store-loader.js +194 -1
package/dist-standalone/cjs/verify.js +25 -1
package/dist-standalone/cjs/version-info.js +543 -1
package/dist-standalone/cjs/xfetch.js +340 -1
package/dist-standalone/cli/init.js +455 -1
package/dist-standalone/cli/setup.js +514 -1
package/dist-standalone/cli/types.js +27 -1
package/dist-standalone/cli/xbind.js +148 -1
package/dist-standalone/config-validation.js +513 -1
package/dist-standalone/connect.js +274 -1
package/dist-standalone/connection-pool.js +500 -1
package/dist-standalone/correlation-id.js +326 -1
package/dist-standalone/crypto-utils.js +157 -1
package/dist-standalone/debug-mode.js +510 -1
package/dist-standalone/did-document.js +96 -1
package/dist-standalone/did-privateme.js +121 -1
package/dist-standalone/did-web.js +196 -1
package/dist-standalone/discovery.js +458 -1
package/dist-standalone/dual-mode.js +247 -1
package/dist-standalone/email-templates.js +309 -1
package/dist-standalone/email-transport.js +232 -1
package/dist-standalone/envelope.js +525 -1
package/dist-standalone/errors.js +896 -1
package/dist-standalone/event-emitter.js +456 -1
package/dist-standalone/gateway-state.js +51 -1
package/dist-standalone/gateway-transport.js +116 -1
package/dist-standalone/graceful-degradation.js +396 -1
package/dist-standalone/guardrails.js +216 -1
package/dist-standalone/health-check.js +332 -1
package/dist-standalone/http-compat.js +267 -1
package/dist-standalone/http-status-map.js +561 -1
package/dist-standalone/identity.js +619 -1
package/dist-standalone/index.js +78 -1
package/dist-standalone/invitation.js +415 -1
package/dist-standalone/invite.js +324 -1
package/dist-standalone/key-agreement.js +325 -1
package/dist-standalone/lazy-init.js +295 -1
package/dist-standalone/logger.js +285 -1
package/dist-standalone/mdns-discovery.js +195 -1
package/dist-standalone/nonce-store.js +76 -1
package/dist-standalone/pairing-manager.js +219 -1
package/dist-standalone/plugin-system.js +257 -1
package/dist-standalone/plugins/logging.d.ts +84 -0
package/dist-standalone/plugins/logging.js +163 -0
package/dist-standalone/plugins/metrics.d.ts +111 -0
package/dist-standalone/plugins/metrics.js +176 -0
package/dist-standalone/plugins/validation.d.ts +104 -0
package/dist-standalone/plugins/validation.js +297 -0
package/dist-standalone/policy.js +315 -1
package/dist-standalone/progress-callbacks.js +576 -1
package/dist-standalone/redis-nonce-store.js +72 -1
package/dist-standalone/registry-middleware.js +47 -1
package/dist-standalone/retry-strategies.js +534 -1
package/dist-standalone/retry-transport.js +98 -1
package/dist-standalone/runtime/browser.d.ts +311 -0
package/dist-standalone/runtime/browser.js +516 -0
package/dist-standalone/runtime/edge.d.ts +282 -0
package/dist-standalone/runtime/edge.js +511 -0
package/dist-standalone/runtime/react-native.d.ts +157 -0
package/dist-standalone/runtime/react-native.js +383 -0
package/dist-standalone/security-policy.js +239 -1
package/dist-standalone/serialization.js +1031 -1
package/dist-standalone/split-channel.js +219 -1
package/dist-standalone/subscription-proof.js +224 -1
package/dist-standalone/succession.js +142 -1
package/dist-standalone/timeouts.js +398 -1
package/dist-standalone/trace-context.js +414 -1
package/dist-standalone/trace-spans.js +488 -1
package/dist-standalone/transport.js +59 -1
package/dist-standalone/trust-registry.js +950 -1
package/dist-standalone/types/error-response.d.ts +209 -0
package/dist-standalone/types/error-response.js +52 -0
package/dist-standalone/vault-auth.js +174 -1
package/dist-standalone/vault-store-loader.js +187 -1
package/dist-standalone/verify.js +16 -1
package/dist-standalone/version-info.js +530 -1
package/dist-standalone/xfetch.js +335 -1
package/package.json +4 -10
package/share1.dat +0 -0
package/dist-standalone/_deps/mldsa-wasm/LICENSE +0 -24
package/dist-standalone/_deps/mldsa-wasm/package.json +0 -46
package/dist-standalone/_deps/shared/cjs/package.json +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/package.json +0 -1
package/dist-standalone/_deps/xchange/cjs/package.json +0 -1
package/dist-standalone/_deps/xregistry/cjs/package.json +0 -1
package/dist-standalone/cjs/package.json +0 -3
package/dist-standalone/package.json +0 -10

package/dist-standalone/cjs/backup.js CHANGED Viewed

@@ -1 +1,330 @@
-"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.exportBackup=exportBackup,exports.importBackup=importBackup;const shared_1=require("../_deps/shared/index.js"),crypto_utils_js_1=require("./crypto-utils.js"),identity_js_1=require("./identity.js"),PBKDF2_ITERATIONS=31e4,SALT_LENGTH=16,IV_LENGTH=12,KEY_LENGTH=32;function toArrayBuffer(e){const t=new ArrayBuffer(e.byteLength);return new Uint8Array(t).set(e),t}async function deriveKey(e,t){try{if(t.length!==SALT_LENGTH)return(0,shared_1.err)("INVALID_BACKUP");const r=await crypto.subtle.importKey("raw",(new TextEncoder).encode(e),"PBKDF2",!1,["deriveBits"]),s=new Uint8Array(await crypto.subtle.deriveBits({name:"PBKDF2",hash:"SHA-256",salt:toArrayBuffer(t),iterations:31e4},r,256)),a=await crypto.subtle.importKey("raw",toArrayBuffer(s),{name:"AES-GCM"},!1,["encrypt","decrypt"]);return(0,shared_1.ok)(a)}catch{return(0,shared_1.err)("PBKDF2_FAILED")}}async function serializeIdentity(e){try{const t=await(0,identity_js_1.exportPKCS8)(e.privateKey);if(!t.ok)return(0,shared_1.err)("EXPORT_FAILED");const r=await(0,identity_js_1.exportX25519PKCS8)(e.x25519PrivateKey);if(!r.ok)return(0,shared_1.err)("EXPORT_FAILED");const s=(0,identity_js_1.exportMlKemSecretKey)(e),a=(0,identity_js_1.exportMlKemPublicKey)(e),o=(0,identity_js_1.exportMlDsaSecretKey)(e),i=(0,identity_js_1.exportMlDsaPublicKey)(e),_=e.rotatedKeys?await Promise.all(e.rotatedKeys.map(async e=>{const t=await(0,identity_js_1.exportX25519PKCS8)(e.x25519PrivateKey);if(!t.ok)throw new Error("Failed to export rotated X25519 key");return{rotatedAt:e.rotatedAt,x25519Pkcs8:(0,crypto_utils_js_1.toBase64)(t.value),...e.mlKemSecretKey?{mlKemSecretKey:(0,crypto_utils_js_1.toBase64)(e.mlKemSecretKey)}:{}}})):void 0;return(0,shared_1.ok)({did:e.did,rawPublicKey:(0,crypto_utils_js_1.toBase64)(e.rawPublicKey),ed25519Pkcs8:(0,crypto_utils_js_1.toBase64)(t.value),x25519Pkcs8:(0,crypto_utils_js_1.toBase64)(r.value),...s?{mlKemSecretKey:(0,crypto_utils_js_1.toBase64)(s)}:{},...a?{mlKemPublicKey:(0,crypto_utils_js_1.toBase64)(a)}:{},...o?{mlDsaSecretKey:(0,crypto_utils_js_1.toBase64)(o)}:{},...i?{mlDsaPublicKey:(0,crypto_utils_js_1.toBase64)(i)}:{},..._?{rotatedKeys:_}:{},exportedAt:Date.now()})}catch{return(0,shared_1.err)("EXPORT_FAILED")}}async function exportBackup(e,t){try{const r=await serializeIdentity(e);if(!r.ok)return r;const s=crypto.getRandomValues(new Uint8Array(SALT_LENGTH)),a=crypto.getRandomValues(new Uint8Array(IV_LENGTH)),o=await deriveKey(t,s);if(!o.ok)return o;const i=JSON.stringify(r.value),_=(new TextEncoder).encode(i),c=await crypto.subtle.encrypt({name:"AES-GCM",iv:toArrayBuffer(a)},o.value,_),n=new Uint8Array(c);if(n.length<16)return(0,shared_1.err)("ENCRYPTION_FAILED");const y=n.length-16,u=n.slice(0,y),l=n.slice(y);return(0,shared_1.ok)({version:1,salt:(0,crypto_utils_js_1.toBase64)(s),iv:(0,crypto_utils_js_1.toBase64)(a),ciphertext:(0,crypto_utils_js_1.toBase64)(u),tag:(0,crypto_utils_js_1.toBase64)(l)})}catch{return(0,shared_1.err)("ENCRYPTION_FAILED")}}async function importBackup(e,t){try{if(1!==e.version)return(0,shared_1.err)("INVALID_BACKUP");let r,s,a,o;try{r=(0,crypto_utils_js_1.fromBase64)(e.salt),s=(0,crypto_utils_js_1.fromBase64)(e.iv),a=(0,crypto_utils_js_1.fromBase64)(e.ciphertext),o=(0,crypto_utils_js_1.fromBase64)(e.tag)}catch{return(0,shared_1.err)("INVALID_BACKUP")}if(r.length!==SALT_LENGTH||s.length!==IV_LENGTH||16!==o.length)return(0,shared_1.err)("INVALID_BACKUP");const i=await deriveKey(t,r);if(!i.ok)return i;const _=new Uint8Array(a.length+o.length);let c,n,y,u,l,d,p,K;_.set(a),_.set(o,a.length);try{c=await crypto.subtle.decrypt({name:"AES-GCM",iv:toArrayBuffer(s)},i.value,toArrayBuffer(_))}catch(e){return console.warn("[xBind] GCM verification failed:",e),(0,shared_1.err)("INVALID_PASSWORD")}try{const e=(new TextDecoder).decode(c);n=JSON.parse(e)}catch{return(0,shared_1.err)("INVALID_BACKUP")}if(!n.did||!n.ed25519Pkcs8||!n.x25519Pkcs8)return(0,shared_1.err)("INVALID_BACKUP");try{y=(0,crypto_utils_js_1.fromBase64)(n.ed25519Pkcs8),u=(0,crypto_utils_js_1.fromBase64)(n.x25519Pkcs8),n.mlKemSecretKey&&(l=(0,crypto_utils_js_1.fromBase64)(n.mlKemSecretKey)),n.mlKemPublicKey&&(d=(0,crypto_utils_js_1.fromBase64)(n.mlKemPublicKey)),n.mlDsaSecretKey&&(p=(0,crypto_utils_js_1.fromBase64)(n.mlDsaSecretKey)),n.mlDsaPublicKey&&(K=(0,crypto_utils_js_1.fromBase64)(n.mlDsaPublicKey))}catch{return(0,shared_1.err)("INVALID_BACKUP")}const m=await(0,identity_js_1.importIdentity)(y,u,l,d,p,K);if(!m.ok)return(0,shared_1.err)("IMPORT_FAILED");if(n.rotatedKeys&&n.rotatedKeys.length>0){const e=m.value,t=await Promise.all(n.rotatedKeys.map(async e=>{const t=(0,crypto_utils_js_1.fromBase64)(e.x25519Pkcs8),r=await crypto.subtle.importKey("pkcs8",toArrayBuffer(t),{name:"X25519"},!0,["deriveBits"]),s=e.mlKemSecretKey?(0,crypto_utils_js_1.fromBase64)(e.mlKemSecretKey):void 0;return{rotatedAt:e.rotatedAt,x25519PrivateKey:r,...s?{mlKemSecretKey:s}:{}}}));return(0,shared_1.ok)({...e,rotatedKeys:t})}return m}catch(e){return console.warn("[xBind] Import backup failed:",e),(0,shared_1.err)("DECRYPTION_FAILED")}}
+"use strict";
+/**
+ * Encrypted Backup and Restore (RCV-3)
+ *
+ * Exports and imports encrypted identity and cryptographic state.
+ * Uses PBKDF2 (NIST SP 800-132) for key derivation and AES-256-GCM
+ * for authenticated encryption.
+ *
+ * @module backup
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.exportBackup = exportBackup;
+exports.importBackup = importBackup;
+const shared_1 = require("../_deps/shared/index.js");
+const crypto_utils_js_1 = require("./crypto-utils.js");
+const identity_js_1 = require("./identity.js");
+/* ── Constants ── */
+/** PBKDF2 iterations for key derivation (NIST SP 800-132 minimum: 100,000). */
+const PBKDF2_ITERATIONS = 310_000;
+/** PBKDF2 salt length in bytes. */
+const SALT_LENGTH = 16;
+/** AES-256-GCM IV length in bytes. */
+const IV_LENGTH = 12;
+/** AES-256-GCM key length in bytes. */
+const KEY_LENGTH = 32;
+/* ── Utility Functions ── */
+/**
+ * Copy Uint8Array to fresh ArrayBuffer (avoids SharedArrayBuffer type issues).
+ */
+function toArrayBuffer(data) {
+    const buf = new ArrayBuffer(data.byteLength);
+    new Uint8Array(buf).set(data);
+    return buf;
+}
+/**
+ * Derive a 256-bit AES key from password using PBKDF2-SHA256.
+ *
+ * Uses NIST SP 800-132 recommended parameters:
+ * - 310,000 iterations (as of 2025, recommended for 100ms delay on modern hardware)
+ * - SHA-256 as PRF
+ * - 16-byte salt
+ *
+ * @param password - User password (UTF-8 string).
+ * @param salt - 16-byte random salt.
+ * @returns AES-256 key or error.
+ */
+async function deriveKey(password, salt) {
+    try {
+        if (salt.length !== SALT_LENGTH) {
+            return (0, shared_1.err)('INVALID_BACKUP');
+        }
+        // Import password as PBKDF2 base key
+        const baseKey = await crypto.subtle.importKey('raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveBits']);
+        // Derive 256 bits (32 bytes) for AES-256
+        const derivedBits = new Uint8Array(await crypto.subtle.deriveBits({
+            name: 'PBKDF2',
+            hash: 'SHA-256',
+            salt: toArrayBuffer(salt),
+            iterations: PBKDF2_ITERATIONS,
+        }, baseKey, 256));
+        // Import derived key as AES-GCM key
+        const aesKey = await crypto.subtle.importKey('raw', toArrayBuffer(derivedBits), { name: 'AES-GCM' }, false, ['encrypt', 'decrypt']);
+        return (0, shared_1.ok)(aesKey);
+    }
+    catch {
+        return (0, shared_1.err)('PBKDF2_FAILED');
+    }
+}
+/**
+ * Serialize an AgentIdentity to a plaintext backup payload.
+ * (The payload is then encrypted before storage.)
+ */
+async function serializeIdentity(identity) {
+    try {
+        // Export Ed25519 and X25519 private keys as PKCS8
+        const ed25519PkResult = await (0, identity_js_1.exportPKCS8)(identity.privateKey);
+        if (!ed25519PkResult.ok)
+            return (0, shared_1.err)('EXPORT_FAILED');
+        const x25519PkResult = await (0, identity_js_1.exportX25519PKCS8)(identity.x25519PrivateKey);
+        if (!x25519PkResult.ok)
+            return (0, shared_1.err)('EXPORT_FAILED');
+        // Collect ML-KEM and ML-DSA keys if present
+        const mlKemSecretKey = (0, identity_js_1.exportMlKemSecretKey)(identity);
+        const mlKemPublicKey = (0, identity_js_1.exportMlKemPublicKey)(identity);
+        const mlDsaSecretKey = (0, identity_js_1.exportMlDsaSecretKey)(identity);
+        const mlDsaPublicKey = (0, identity_js_1.exportMlDsaPublicKey)(identity);
+        // Serialize rotated keys
+        const rotatedKeys = identity.rotatedKeys
+            ? await Promise.all(identity.rotatedKeys.map(async (rotated) => {
+                const x25519Pk = await (0, identity_js_1.exportX25519PKCS8)(rotated.x25519PrivateKey);
+                if (!x25519Pk.ok)
+                    throw new Error('Failed to export rotated X25519 key');
+                return {
+                    rotatedAt: rotated.rotatedAt,
+                    x25519Pkcs8: (0, crypto_utils_js_1.toBase64)(x25519Pk.value),
+                    ...(rotated.mlKemSecretKey ? { mlKemSecretKey: (0, crypto_utils_js_1.toBase64)(rotated.mlKemSecretKey) } : {}),
+                };
+            }))
+            : undefined;
+        return (0, shared_1.ok)({
+            did: identity.did,
+            rawPublicKey: (0, crypto_utils_js_1.toBase64)(identity.rawPublicKey),
+            ed25519Pkcs8: (0, crypto_utils_js_1.toBase64)(ed25519PkResult.value),
+            x25519Pkcs8: (0, crypto_utils_js_1.toBase64)(x25519PkResult.value),
+            ...(mlKemSecretKey ? { mlKemSecretKey: (0, crypto_utils_js_1.toBase64)(mlKemSecretKey) } : {}),
+            ...(mlKemPublicKey ? { mlKemPublicKey: (0, crypto_utils_js_1.toBase64)(mlKemPublicKey) } : {}),
+            ...(mlDsaSecretKey ? { mlDsaSecretKey: (0, crypto_utils_js_1.toBase64)(mlDsaSecretKey) } : {}),
+            ...(mlDsaPublicKey ? { mlDsaPublicKey: (0, crypto_utils_js_1.toBase64)(mlDsaPublicKey) } : {}),
+            ...(rotatedKeys ? { rotatedKeys } : {}),
+            exportedAt: Date.now(),
+        });
+    }
+    catch {
+        return (0, shared_1.err)('EXPORT_FAILED');
+    }
+}
+/* ── Export: Encrypt Identity to Backup ── */
+/**
+ * Export an identity as an encrypted backup blob.
+ *
+ * Encrypts the complete identity (Ed25519, X25519, ML-KEM, ML-DSA keys,
+ * rotated keys) with a password using PBKDF2 + AES-256-GCM.
+ *
+ * The backup can be stored safely in cloud storage, version control, or
+ * transmitted over untrusted channels. Only the password holder can decrypt.
+ *
+ * Security:
+ * - PBKDF2-SHA256 with 310,000 iterations (≈100ms on modern hardware)
+ * - AES-256-GCM for authenticated encryption
+ * - Random salt + IV for each backup (no two backups are identical)
+ * - 16-byte GCM tag prevents tampering
+ *
+ * @param identity - Agent identity to backup.
+ * @param password - User password (plaintext). Will be PBKDF2 derived.
+ * @returns Encrypted backup blob or error.
+ *
+ * @example
+ * ```typescript
+ * import { generateIdentity } from '@private.me/xbind';
+ * import { exportBackup } from '@private.me/xbind';
+ *
+ * const identity = await generateIdentity();
+ * if (!identity.ok) throw identity.error;
+ *
+ * const backup = await exportBackup(identity.value, 'user-password');
+ * if (!backup.ok) throw backup.error;
+ *
+ * // Store backup securely
+ * const json = JSON.stringify(backup.value);
+ * localStorage.setItem('backup', json);
+ * ```
+ */
+async function exportBackup(identity, password) {
+    try {
+        // Serialize identity to plaintext payload
+        const payloadResult = await serializeIdentity(identity);
+        if (!payloadResult.ok)
+            return payloadResult;
+        // Generate random salt and IV
+        const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));
+        const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));
+        // Derive AES key from password
+        const keyResult = await deriveKey(password, salt);
+        if (!keyResult.ok)
+            return keyResult;
+        // Encrypt payload as JSON
+        const payloadJson = JSON.stringify(payloadResult.value);
+        const plaintext = new TextEncoder().encode(payloadJson);
+        // Encrypt with AES-256-GCM
+        const encryptResult = await crypto.subtle.encrypt({ name: 'AES-GCM', iv: toArrayBuffer(iv) }, keyResult.value, plaintext);
+        const ciphertext = new Uint8Array(encryptResult);
+        // GCM includes authentication tag in the ciphertext.
+        // Split: ciphertext is everything except last 16 bytes, tag is last 16 bytes.
+        // (Web Crypto API appends the tag to the ciphertext)
+        if (ciphertext.length < 16) {
+            return (0, shared_1.err)('ENCRYPTION_FAILED');
+        }
+        const ctLen = ciphertext.length - 16;
+        const ct = ciphertext.slice(0, ctLen);
+        const tag = ciphertext.slice(ctLen);
+        return (0, shared_1.ok)({
+            version: 1,
+            salt: (0, crypto_utils_js_1.toBase64)(salt),
+            iv: (0, crypto_utils_js_1.toBase64)(iv),
+            ciphertext: (0, crypto_utils_js_1.toBase64)(ct),
+            tag: (0, crypto_utils_js_1.toBase64)(tag),
+        });
+    }
+    catch {
+        return (0, shared_1.err)('ENCRYPTION_FAILED');
+    }
+}
+/* ── Import: Decrypt Backup to Identity ── */
+/**
+ * Restore an identity from an encrypted backup blob.
+ *
+ * Decrypts the backup using PBKDF2-derived AES key. Verifies authenticity
+ * with GCM tag before returning plaintext keys.
+ *
+ * @param backup - Encrypted backup blob.
+ * @param password - User password (plaintext). Will be PBKDF2 derived.
+ * @returns Restored AgentIdentity or error.
+ *
+ * @example
+ * ```typescript
+ * import { importBackup } from '@private.me/xbind';
+ *
+ * const json = localStorage.getItem('backup');
+ * const backup = JSON.parse(json);
+ *
+ * const identity = await importBackup(backup, 'user-password');
+ * if (!identity.ok) {
+ *   if (identity.error === 'INVALID_PASSWORD') {
+ *     console.error('Wrong password!');
+ *   } else {
+ *     throw identity.error;
+ *   }
+ * }
+ *
+ * // Now use restored identity
+ * const agent = new Agent(identity.value);
+ * ```
+ */
+async function importBackup(backup, password) {
+    try {
+        // Validate version
+        if (backup.version !== 1) {
+            return (0, shared_1.err)('INVALID_BACKUP');
+        }
+        // Decode base64 fields
+        let salt;
+        let iv;
+        let ciphertext;
+        let tag;
+        try {
+            salt = (0, crypto_utils_js_1.fromBase64)(backup.salt);
+            iv = (0, crypto_utils_js_1.fromBase64)(backup.iv);
+            ciphertext = (0, crypto_utils_js_1.fromBase64)(backup.ciphertext);
+            tag = (0, crypto_utils_js_1.fromBase64)(backup.tag);
+        }
+        catch {
+            return (0, shared_1.err)('INVALID_BACKUP');
+        }
+        // Validate lengths
+        if (salt.length !== SALT_LENGTH || iv.length !== IV_LENGTH || tag.length !== 16) {
+            return (0, shared_1.err)('INVALID_BACKUP');
+        }
+        // Derive AES key from password
+        const keyResult = await deriveKey(password, salt);
+        if (!keyResult.ok)
+            return keyResult;
+        // Reconstruct full GCM input (ciphertext + tag)
+        const gcmInput = new Uint8Array(ciphertext.length + tag.length);
+        gcmInput.set(ciphertext);
+        gcmInput.set(tag, ciphertext.length);
+        // Decrypt with AES-256-GCM
+        let plaintext;
+        try {
+            plaintext = await crypto.subtle.decrypt({ name: 'AES-GCM', iv: toArrayBuffer(iv) }, keyResult.value, toArrayBuffer(gcmInput));
+        }
+        catch (decryptErr) {
+            // GCM authentication failure (wrong password or tampered backup)
+            console.warn('[xBind] GCM verification failed:', decryptErr);
+            return (0, shared_1.err)('INVALID_PASSWORD');
+        }
+        // Parse JSON payload
+        let payload;
+        try {
+            const jsonStr = new TextDecoder().decode(plaintext);
+            payload = JSON.parse(jsonStr);
+        }
+        catch {
+            return (0, shared_1.err)('INVALID_BACKUP');
+        }
+        // Validate payload structure
+        if (!payload.did || !payload.ed25519Pkcs8 || !payload.x25519Pkcs8) {
+            return (0, shared_1.err)('INVALID_BACKUP');
+        }
+        // Decode base64 keys
+        let ed25519Pkcs8;
+        let x25519Pkcs8;
+        let mlKemSecretKey;
+        let mlKemPublicKey;
+        let mlDsaSecretKey;
+        let mlDsaPublicKey;
+        try {
+            ed25519Pkcs8 = (0, crypto_utils_js_1.fromBase64)(payload.ed25519Pkcs8);
+            x25519Pkcs8 = (0, crypto_utils_js_1.fromBase64)(payload.x25519Pkcs8);
+            if (payload.mlKemSecretKey)
+                mlKemSecretKey = (0, crypto_utils_js_1.fromBase64)(payload.mlKemSecretKey);
+            if (payload.mlKemPublicKey)
+                mlKemPublicKey = (0, crypto_utils_js_1.fromBase64)(payload.mlKemPublicKey);
+            if (payload.mlDsaSecretKey)
+                mlDsaSecretKey = (0, crypto_utils_js_1.fromBase64)(payload.mlDsaSecretKey);
+            if (payload.mlDsaPublicKey)
+                mlDsaPublicKey = (0, crypto_utils_js_1.fromBase64)(payload.mlDsaPublicKey);
+        }
+        catch {
+            return (0, shared_1.err)('INVALID_BACKUP');
+        }
+        // Import identity from decoded keys
+        const identity = await (0, identity_js_1.importIdentity)(ed25519Pkcs8, x25519Pkcs8, mlKemSecretKey, mlKemPublicKey, mlDsaSecretKey, mlDsaPublicKey);
+        if (!identity.ok)
+            return (0, shared_1.err)('IMPORT_FAILED');
+        // Restore rotated keys if present
+        if (payload.rotatedKeys && payload.rotatedKeys.length > 0) {
+            const restored = identity.value;
+            const rotatedKeys = await Promise.all(payload.rotatedKeys.map(async (rk) => {
+                const x25519Pk = (0, crypto_utils_js_1.fromBase64)(rk.x25519Pkcs8);
+                const x25519PrivateKey = await crypto.subtle.importKey('pkcs8', toArrayBuffer(x25519Pk), { name: 'X25519' }, true, ['deriveBits']);
+                const mlKemSecretKeyRk = rk.mlKemSecretKey ? (0, crypto_utils_js_1.fromBase64)(rk.mlKemSecretKey) : undefined;
+                return {
+                    rotatedAt: rk.rotatedAt,
+                    x25519PrivateKey,
+                    ...(mlKemSecretKeyRk ? { mlKemSecretKey: mlKemSecretKeyRk } : {}),
+                };
+            }));
+            // Return identity with restored rotated keys
+            return (0, shared_1.ok)({
+                ...restored,
+                rotatedKeys: rotatedKeys,
+            });
+        }
+        return identity;
+    }
+    catch (importErr) {
+        console.warn('[xBind] Import backup failed:', importErr);
+        return (0, shared_1.err)('DECRYPTION_FAILED');
+    }
+}